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User points browser 
to Web site on Private 

SSO Server, 
establishing SSUTLS 
connection, and signs 
up for Private SSO 
service. 
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Server software 
installs client software 
on client machine as 
browser plug-in that 
implements three 
buttons in browser 
toolbar: Start Record, 

Auto-Entry and 
Change Passphrase. 
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Client software 
- requests user to enter 
passphrase. 
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Client software 
generates symmetric 
encryption key, K, 
from passphrase 
using one-way 
encryption. 
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Client software 
generates UID from K 
using one-way 
encryption 
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Client software sends 
UID to Private SSO 
Server. 
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Server software 
connects UID with 
user in User 
Database. 
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User points browser 

to Web site of 
Application service, 
establishing SSUTLS 
connection, signs up 

for Application 
service, then browser 
points to Application 
sign-on page. 
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User clicks on Start 
Record button. The 
button changes to 
Stop Record. 



Client software 
establishes SSL/TLS 

connection with 
Private SSO Server 
and requests user to 
enter passphrase. 
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Client software 
records user input 
until browser points to 
different page or user 
clicks on Stop Record 
button (and the button 
changes to Start 
Record). 
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Client software 
generates UID from K 
using one-way 
encryption 
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User enters 
passphrase and client 
software generates 
symmetric encryption 
key, K, from 
passphrase using 
one-way encryption. 
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Client software 
encrypts recorded 
user input sequence 
with symmetric 
encryption key, K 
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Client software 
encrypts URL of page 
in which the recorded 
user input was 
entered with 
symmetric encryption 
key, K 
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Client software 
connects encrypted 
user input sequence 
and encrypted URL 
with UID to form 
private information 
record. 
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Client software sends 
private information 

record to Private SSO 
Server for entry into 

Private Info Database. 
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User points browser 
to sign-oh page of 
Application service. 



User clicks on Auto- 
Entry button. 
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software in present 
browser session? 



Client software 
establishes SSL/TLS 

connection with 
Private SSO Server 
and requests user to 
enter passphrase. 



User enters 
passphrase and client 
software generates 
symmetric encryption 
key, K, from 
passphrase using 
one-way encryption. 



Client software 
generates UID from K 
using one-way 
encryption 
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Client software 
encrypts URL of 
current sign-on page 
with symmetric 
encryption key, K 
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Client software sends 
UID and encrypted 
URL to Private SSO 
Server 
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Server software 
retrieves 
corresponding record 

from Private Info 
Database and returns 
encrypted user input 
sequence to client. 



Client software 
decrypts user input 

sequence using 
symmetric encryption 
key, K. 



Client software enters 
retrieved user input 
sequence into current 
sign-on page. 
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User clicks on 
Change Passphrase 
button 
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software in present 
x browser session?. 
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Client software 
establishes SSL/TLS 

connection with 
Private SSO Server. 
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Client software 
requests user to enter 
current passphrase 
and new passphrase. 
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Client software 
requests all private 
info records 
connected with 
current UID in Private 
Info Database from 
Private SSO server. 
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Client software 
generates current UID 
and new UID from 
keys, ^ and K^,, 
respectively, using 
one-way encryption. 
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User enters current 
passphrase and new 
passphrase, and 
client software 
generates symmetric 
encryption keys, K c 
and respectively, 

from the two 
passphrases using 
one-way encryption. 
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Server software sends 
requested records to 
client. 
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Client software 
decrypts all retrieved 
records using 
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For each record, client 
software substitutes 
new UID for current 
UID and encrypts 

URL and pre-recorded 
user input with K N . 
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Client software sends 
converted records to 

server and commands 
server to switch user 
to new UID. 
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Server software 
deletes records with 

current UID from 
Private Info Database, 
changes user's record 
in User Database 
from current UID to 
new UID, and enters 
converted records in 
Private Info Database. 
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